---
title: Overview of Social Engineering
course: human_hacking
section: "Introduction"
layout: lesson
---

## What is social engineering?

Some people may think of social engineering as:

* "_Lying to people to get information_"

* "_Being a good actor_"

* "_To get stuff for free_"

Wikipedia defines it as "_the act of manipulating people into performing actions
or divulging confidential information. While similar to a confidence trick or
simple fraud, the term typically applies to trickery or deception for the
purpose of information gathering, fraud or computer system access; in most
cases, the attacker never comes face-to-face with the victim_".

Although it has been given a bad name by the plethora of "_free pizza_", "_free
coffee_" and "_how to pick up chicks_" sites, aspects of social engineering
actually touch many parts of daily life.

Webster's Dictionary defines social as "_of or pertaining to the life, welfare and
relations of human beings in a community_". It also defines engineering as "_the
art or science of making practical application of the knowledge of pure
sciences, as physics or chemistry, as in the construction of engines, bridges,
buildings, mines, ships and chemical plants or skillful or artful contrivance;
maneuvering_".

Combining those two definitions, you can easily see that social engineering is
the art, or better yet, science, of skillfully maneuvering human beings to take
action in some aspect of their lives.

This definition broadens the horizons of social engineers everywhere. Social
engineering is used in everyday life in the way children get their parents to
give in to their demands. It is used in the way teachers interact with their
students, in the way doctors, lawyers or psychologists obtain information from
their patients or clients. It is definitely used in law enforcement and in
dating - _it is truly used in every human interaction from babies to politicians
and everyone in between_.

I like to take that definition a step further and say that a true definition of
social engineering is the act of manipulating a person to take an action that
_may_ or _may not_ be in the "target's" best interest. This may include obtaining
information, gaining access or getting the target to take certain action.

For example, doctors, psychologists and therapists often use elements I consider
social engineering to "_manipulate_" their patients to take actions that are
good for them, whereas a con man uses elements of social engineering to convince
his target to take actions that lead to loss for them. Even though the end game
is much different, the approach may be very much the same. A psychologist may
use a series of well-conceived questions to help a patient to come to a
conclusion that change is needed. Similarly, a con man will use well-crafted
questions to move his target into a vulnerable position.

Both of these examples are social engineering in its truest form, but have very
different goals and results. Social engineering is not just about deceiving
people or lying or acting a part.

Social engineering is not just any one action but a collection of skills
mentioned in the framework that, when put together, make up the action, the skill
and the science that is called _Social Engineering_. In the same way, a
wonderful meal is not just one ingredient, but is made up by the careful
combining, mixing and adding of many ingredients. This is how I imagine social
engineering to be and a good social engineer is like a master chef. Put in a
little dab of elicitation, add a shake of manipulation and a few heaping
handfuls of pretexting, and bam! - _out comes a great meal of the perfect social
engineer_.

Of course, this course discusses some of these facets, but the main focus is
what you can learn from law enforcement, the politicians, the psychologists and
even children to better your abilities to audit and then secure yourself.
Analysing how a child can manipulate a parent so easily gives the social
engineer insight into how the human mind works. Noticing how a psychologist
phrases questions can help to see what puts people at ease. Noticing how a law
enforcement agent performs a successful interrogation gives a clear path on how
to obtain information from a target. Seeing how governments and politicians
frame their messages for the greatest impact can show what works and what
doesn't. Analysing how an actor gets into a role can open your eyes to the
amazing world of pretexting. By dissecting the research and work of some of the
leading minds in microexpressions and persuasion you can see how to use these
techniques in social engineering. By reviewing some of the motivators of some of
the world's greatest salespeople and persuasion experts you can learn how to
build rapport, put people at ease and close deals.

Then, by researching and analysing the flip side of this coin - _the con men,
scam artists and thieves_ - you can learn how all of these skills come together
to influence people and move people in directions they thought they would never
go.

Mix this knowledge with the skills of lock picks, spies who use hidden cameras
and professional information gatherers and you have a talented social engineer.

You do not need to use every one of these skills in each engagement, nor can you
master every one of these skills. Instead, by understanding _how_ these skills
work and when to use them, anyone can master the science of social engineering.
It is true that some people have a natural talent, like Kevin Mitnick, who
could talk anyone into anything, it seemed. Frank Abagnale Jr. seemed to have
the natural talents to con people into believing he was who he wanted them to
believe he was. Victor Lustig did the unbelievable, actually convincing some
people that he had the rights to sell the Eiffel Tower, topped only by his scam
on Al Capone.

These social engineers and many more like them seem to have natural talent or a
lack of fear that enables them to try things that most of us would never
consider attempting.
